System and method for dynamic generation of url by smart card

ABSTRACT

Embodiments of a smart card and systems and methods for secure data access using a smart card are described. The smart card may be formed a substrate and may include a microprocessor, a memory containing an applet, a counter, and a unique identifier. The smart card may dynamically generate a unique uniform resource location (URL) and transmit the URL to via a contactless communication interface to securely facilitate data access from other devices.

FIELD OF THE INVENTION

This disclosure relates to smart cards, and more specifically, tosystems and methods for the dynamic generation of uniform resourcelocators by smart cards.

BACKGROUND

Consumers are increasingly adopting electronic payment methods, such ascredit cards and debit cards, for purchases. Consumers will commonlycarry at least one credit or debit card, and often consumers carry morethan one. Consumers may prefer to use credit or debit cards for reasonsof convenience, to earn rewards based on spending, to simplify budgetingthrough the receipt of a monthly statement, or to avoid carrying largeamounts of cash. In many areas, credit or debit card transactionsoutnumber cash transactions.

At the same time, the widespread use of communication devices, such assmart phones, smart watches, laptop computers, and tablets, make dataincreasingly accessible, including financial information such as accountbalances and purchase activity. The availability of these devicescreates expectations for consumers that their data will be easilyaccessible at home, outside the home, and on mobile devices.

In view of these trends, data security is increasingly important in manyareas, and protecting financial or other sensitive data is a particularconcern. Despite large investments in developing, implementing, andmaintain security measures, data theft and fraud causes millions, if notbillions, of losses annually. Any organization handling sensitive data,financial or otherwise, incurs data security costs and risks liabilityfor theft or other losses due to breaches of data security. In additionto monetary costs, data security breaches erode user confidence in abusiness, and a large or otherwise notable breach often attractssignificant public attention.

Accordingly, there are significant, and competing, needs to safeguardsensitive data while ensuring ready access by authorized users.

SUMMARY

Therefore, it is an object of this disclosure to describe a smart cardthat enhances the security of data while promoting accessibility.Various embodiments provide a smart card and systems and methodsincorporating a smart card, proximate communication devices, and remoteservers.

Embodiments of the present disclosure provide a smart card comprising asubstrate; a memory embedded in the substrate, wherein the memorycontains an applet, a counter, and a unique customer identifier, acontactless communication interface embedded in the substrate; and amicroprocessor embedded in the substrate, wherein the microprocessor isin data communication with the memory and the contactless communicationinterface, wherein, upon entry of the contactless communicationinterface into a communication field of a communication device, themicroprocessor increments the counter and synchronizes the value of thecounter with a second counter stored in the communication device, andwherein the applet generates a unique uniform resource locator (URL)based on the incremented value of the counter and the unique customeridentifier, and wherein the unique URL is transmitted to thecommunication device via the contactless communication interface.

Embodiments of the present disclosure provide a system for the secureaccess of information, comprising a server containing financialinformation; a smart card including a microprocessor, a contactlesscommunication interface, and a memory storing an applet, a counter, anda unique customer identifier; and a communication device having acommunication field, wherein upon entry of the contactless communicationinterface into the communication field the microprocessor is configuredto increment a value stored in the counter and synchronize theincremented counter value with the communication device, the applet isconfigured to generate a unique URL based on the incremented value ofthe counter and the unique customer identifier, and the contactlesscommunication interface is configured to transmit the URL to thecommunication device; and wherein upon receipt of the unique URL, thecommunication device opens the URL to display financial informationreceived from the server.

Embodiments of the present disclosure provide a method of accessing ofinformation, the method comprising bringing a smart card containing acontactless communication interface, a microprocessor, and a memorystoring an applet, a counter, and a unique customer identifier, into thecommunication field of a communication device; incrementing a valuestored in the counter and synchronizing the value with a countercontained in the communication device; generating a unique URL based onthe incremented counter value and the unique customer identifier;transmitting the unique URL to the communication device via thecontactless communication interface; synchronizing the value of thecounter contained in the communication device with a server containingfinancial information; appending location information relating to thecommunication device to the unique URL; and transmitting the unique URLto the server.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A illustrates an example embodiment of a smart card.

FIG. 1B illustrates an example embodiment of a contact pad of the smartcard of FIG. 1A.

FIG. 2 illustrates an example embodiment of a system for secure dataaccess using a smart card.

FIG. 3 illustrates an example embodiment of a method of providing securedata access using a smart card.

FIG. 4A illustrates an example embodiment of an authentication selectionuser interface displayed by a software application.

FIG. 4B illustrates an example embodiment of authentication userinterfaces displayed by a software application.

FIG. 4C illustrates an example embodiment of an information userinterface displayed by a software application.

FIG. 5 illustrates an example embodiment of authentication andinformation user interfaces displayed on a web browser.

DETAILED DESCRIPTION

One aspect of the present disclosure is to provide a smart card thatdynamically generates uniform resource locators and systems and methodsusing smart cards to provide convenient and secure access to accountdata.

FIG. 1A illustrates a smart card 100 according to an example embodiment.In this embodiment, the smart card 100 may be a payment card, such as acredit card, debit card, or gift card, issued by a service provider 101displayed on the front or back of the smart card 100. The smart card 100may be formed of a substrate 102, which may include a single layer orone or more laminated layers composed of plastics, metals, and othermaterials. Exemplary substrate materials include polyvinyl chloride,polyvinyl chloride acetate, acrylonitrile butadiene styrene,polycarbonate, polyesters, anodized titanium, palladium, gold, carbon,paper, and biodegradable materials. In an embodiment, the smart card 100may have physical characteristics compliant with the ID-1 format of theISO/IEC 7810 standard, and the smart card 100 may otherwise be compliantwith the ISO/IEC 14443 standard. However, it is understood that a smartcard according to the present disclosure may have differentcharacteristics, and the present disclosure does not require a smartcard to be implemented in a payment card.

The smart card 100 may also include identification information 103displayed on the front and/or back of the card, and a contact pad 104.The contact pad 104 may establish contact with another communicationdevice, such as a smart phone, laptop, desktop, or tablet computer. Thesmart card 100 may also include processing circuitry, antenna and othercomponents not shown in FIG. 1A. These components may be located behindthe contact pad 104 or elsewhere on the substrate 102. The smart card100 may also include a magnetic strip or tape, which may be located onthe back of the card (not shown in FIG. 1A).

FIG. 1B illustrates an exploded view of the contact pad 104 of smartcard 100 according to an example embodiment. As shown in FIG. 1B, thecontact pad 104 may include processing circuitry 105 for storing andprocessing information, including a microprocessor 106 and a memory 107.It is understood that the processing circuitry 105 may containadditional components, including processors, memories, error andparity/CRC checkers, data encoders, anticollision algorithms,controllers, command decoders, security primitives and tamperproofinghardware, as necessary to perform the functions described herein.

The memory 107 may be a read-only memory, write-once read-multiplememory or read/write memory, e.g., RAM, ROM and EEPROM, and a smart card100 may include one or more of these memories. A read-only memory may befactory programmable as read-only or one-time programmable. One-timeprogrammability provides the opportunity to write once then read manytimes. A write once/read-multiple memory may be programmed at a point intime after the memory chip has left the factory. Once the memory isprogrammed, it may not be rewritten, but it may be read many times. Aread/write memory may be programmed and re-programed many times afterleaving the factory. It may also be read many times.

The memory 107 may store an applet 108, a counter 109, and a customeridentifier 110. The applet 108 may be a software application intended toexecute on smart cards, such as Java Card applet. However, it isunderstood that the applet is not limited to Java Card applets, andinstead may be any software application operable on smart cards or otherdevices having limited memory. The counter 109 may be a numeric countersufficient to store an integer. The customer identifier 110 may be aunique alphanumeric identifier assigned to the user of the smart card,and this identifier may distinguish the user of the smart card from allother smart card users. In an embodiment, the customer identifier 110may identify both the customer and an account assigned to that customerand may further identify the specific smart card 101 associated with thecustomer's account.

The memory 107 may be divided into several zones, with each zone havinga different level of security. The microprocessor 106 may keep track ofwhich memory addresses belong to which zones and the circumstances underwhich each zone may be accessed. In an example embodiment, the memory107 may be divided into four zones: a secret zone, a confidential zone,a usage zone, and a public zone.

A secret zone may be used for storage of information which may be usedonly by the microprocessor 106, e.g., passwords, cryptographic keys. Theinformation stored in this zone is not readable outside of the smartcard. In an embodiment, the secret zone may be implemented with aseparate processor that is capable of performing cryptographicfunctions. Cryptographic keys may be passed in to the secret zone or maybe generated in the secret zone, and in either case the keys may bestored in the secret zone and used to support cryptographic services. Ifnecessary, cryptographic keys may be exported from the secret zone.

A confidential zone may be used to store a list of all transactions madewith the card. The confidential zone may have password protection. In anexample embodiment, the password is known only to the card issuer, whomay examine the history of the card for evidence of misuse of thesystem. The confidential zone may have a read-only access restriction sothat the information stored in this zone could not be modified, e.g.,transaction list could not be modified. In another embodiment, theapplet 108 and any associated memory may be firewalled from otherapplets stored on the smart card 100. In this embodiment, the applet 108may handle the sending or receiving of any information.

A usage zone could be used for storage of information which may beperiodically updated or modified. Depending on the sensitivity of thedata, a password may be implemented for this zone. The usage zone mayhave both read and write access protected by a password. In anembodiment, the unique URL generated by the smart card may be stored inthe usage zone of the memory 107.

A public zone may be used for keeping nonsensitive information, such asthe card issuer's name and address, or the counter 109. The public zonemay have read-only access, without a password.

The processor and memory elements of the foregoing exemplary embodimentsare described with reference to the contact pad, but the presentdisclosure is not limited thereto. It is understood that these elementsmay be implemented outside of the pad or entirely separate from it, oras further elements in addition to processor and memory elements locatedwithin the contact pad.

As shown in FIG. 1B, the smart card 100 may include an antenna 111. Theantenna 111 may be placed within the smart card 100 and around theprocessing circuitry 105 of the contact pad 104. For example, theantenna 111 may be integral with the processing circuitry and theantenna 111 may be used with an external booster coil. As anotherexample, the antenna 111 may be external to the contact pad 104 and theprocessing circuitry 105.

In an embodiment, the coil of smart card 100 may act as the secondary ofan air core transformer. The terminal may communicate with the smartcard 100 by cutting power or amplitude modulation. The smart card 100may infer the data transmitted from the terminal using the gaps in thesmart card's power connection, which may be functionally maintainedthrough capacitors. The smart card 100 may communicate back by switchinga load on the smart card's coil or load modulation. Load modulation maybe detected in the terminal's coil through interference.

FIG. 2 illustrates a system for secure data access using a smart cardaccording to an example embodiment. As shown in FIG. 2, the system 200may include a smart card 201, a portable communication device 202, afixed communication device 203, and a server 204. In an embodiment, thesmart card 201 may be the same as the smart card 100 described withreference to FIGS. 1A and 1B.

The portable communication device 202 may include a microprocessor, amemory, a contactless communication interface having a communicationfield (not shown in FIG. 2), and a display. The portable communicationdevice 202 may also include means for receiving user input, such as akeypad, touch screen, voice command recognition, a stylus, and otherinput/output devices, and the display may be any type of display screen,including an LCD or LED display. Exemplary portable communicationdevices include, without limitation, smartphones, laptop computers,tablet computers, a personal digital assistant, a palmtop computer, orother portable computing device.

The portable communication device 202 may include a software applicationrelated to or affiliated with the smart card 201 and/or a web browser toview data received from the network connection. The software applicationor web browser may be configured to operate on a portable device. Thecontactless communication interface may be any short-range wirelesscommunication interface, such as near field communication (NFC) andradio-frequency identification (RFID). In an embodiment, the contactlesscommunication interface may be a NFC interface compliant with the ISO18092/ECMA-340. This contactless communication interface may allow datacommunication with the smart card 201, when the smart card 201 is withinthe interface's communication field. When the smart card 201 is withindata communication range of the portable communication device 202, thesmart card 201 may synchronize the value of the counter stored in itsmemory with the counter stored by the portable communication device 202,and further, the smart card 201 may transmit a unique URL to theportable communication device 202.

The portable communication device 202 may have data connectivity to anetwork, such as the Internet, via a wireless communication network, acellular network, a wide area network, a local area network, a wirelesspersonal area network, a wide body area network, or the like, or anycombination thereof. Through this connectivity, the portablecommunication device 202 may communicate with a server 204. For example,the portable communication device 202 may synchronize the counter storedin its memory with the server 204, and may transmit the unique URLreceived from the smart card 201 to the server 204 (e.g., the portablecommunication device 202 may open the unique URL in a web browser orsoftware application). Upon receipt of the unique URL, the server 204may send financial or other information to the smart card 201.

Fixed communication device 203 may include a microprocessor, a memory, acontactless communication interface having a communication field (notshown in FIG. 2), and a display. The fixed communication device 203 mayalso include means for receiving user input, such as a keypad, touchscreen, voice command recognition, a stylus, and other input/outputdevices, and the display may be any type of display screen, including anLCD or LED display. Exemplary fixed communication devices include,without limitations, desktop computers, a cash register, a kiosk, acheckout machine, an automated teller machine (ATM), an informationstation, a booth, an ordering station, a map or general informationdisplay, and a countertop computer display, as well as laptop computers,tablets, and other computing hardware with an assigned location.

The fixed communication device 203 may include a software applicationrelated to or affiliated with the smart card 201 and/or a web browser toview data received from the network connection. The software applicationor web browser may be configured to operate on a portable communicationdevice, such as portable communication device 202; alternatively, thesoftware application or web browser may be configured to operate on adevice with more system resources. The contactless communicationinterface may be any short-range wireless communication interface, suchas near field communication (NFC) and radio-frequency identification(RFID). In an embodiment, the contactless communication interface may bea NFC interface compliant with the ISO 18092/ECMA-340 standard. Thiscontactless communication interface may allow data communication withthe smart card 201, when the smart card 201 is within the interface'scommunication field. When the smart card 201 is within datacommunication range of the fixed communication device 203, the smartcard 201 may synchronize the value of the counter stored in its memorywith the counter stored by the fixed communication device 203, andfurther, the smart card 201 may transmit a unique URL to the fixedcommunication device 203. In an embodiment, the fixed communicationdevice 203 may be installed in a commercial establishment, such as astore, restaurant, office, or other work site.

The smart card 201 may generate the unique URL upon synchronizing thevalue of the counter stored in its memory with the value of the counterstored on the fixed communication device 203. The smart card 201 mayappend tags to the unique URL to provide additional information to thecommunication devices 202, 203 and the server 204. The tags may includea customer identifier, such as the customer identifier 110 discussedwith reference to FIG. 1.

In an embodiment, the portable communication device 202 may havelocation functionality through which the device may determine itscurrent geographic location. For example, the portable communicationdevice 202 may determine its location using the Global PositioningSystem (GPS) or based on its wireless data connection (e.g., a nearbycellular tower or a wireless internet router). The portablecommunication device 202 may append location information to the URLprior to sending the URL to the server 204.

The portable communication device 202 may append information relating toitself to the unique URL prior to sending the URL to the server 204. Forexample, the portable communication device 202 may append informationrelating to the brand or model of the device or its operating system.For example, the portable communication device 204 may append anidentifier relating to the user of the device, an identifier relating tothe registered owner of the device, or information identifying thedevice itself or relating to its operation, such as operating systeminformation. In an embodiment, the portable communication device 202 maybe a smart phone containing a subscriber identity module (SIM) card, theportable communication device 202 may append the international mobilesubscriber identity number to the URL.

Similarly, the fixed communication device 203 may append informationrelating to itself to the unique URL prior to sending the URL to theserver 204. Like the portable communication device 202, the fixedcommunication device may append information identifying the device orits operating system. In addition, given its stationary nature, thefixed communication device 203 may possess information specific to itslocation. For example, if the fixed communication device 203 is placedat an electronics store, information identifying the store and itscharacteristics may be appended to the unique URL. In an embodiment,this information and location information may be transmitted to theserver 204 through the unique URL to identify the specific electronicsstore, products available, or current promotions or rewards. In anotherembodiment, the fixed communication device 203 may have access to storerecords, such as a loyalty program or special offers, and thisinformation may be transmitted to the server 204.

The server 204 may be in data communication with a plurality ofcommunication devices, including portable communication device 202 andfixed communication device 203. This data communication may beaccomplished by a network, such as the Internet, via a wirelesscommunication network, a cellular network, a wide area network, a localarea network, a wireless personal area network, a wide body areanetwork, or the like, or any combination thereof. Using this dataconnectivity, the server 204 may synchronize the value of a counterstored in its memory with the counters stored in the communicationdevices 202, 203, receive a unique URL from the communication devices202, 203, and transmit information in response to the unique URL.

In an embodiment, the server 204 may also receive and interpretidentification information for the devices 202, 203. For example, theportable communication device 202 may append information identifyingitself or its user to the unique URL. Upon receipt of this information,the server 204 may compare the device identifying information to recordsfor the smart card 201 or the account or user associated with the smartcard 201 (which may be identified by the customer identifier). If theidentification information matches the account information and recordsavailable to the server 204, the server 204 may transmit financial orother information to the portable communication device 202. If theidentification information does not match, the server 204 may requestthat the user submit authentication information prior to thetransmission of any data in response to the unique URL. The requestedauthentication may be passwords, security questions, swipe patterns,image recognition, driver's license scan, multifactor authentication,and biometric authentication (e.g., voice recognition, a fingerprintscan, a retina scan, and a facial scan, if the portable communicationdevice 202 is configured to receive this input), or a combinationthereof. For example, multifactor authentication may include requiringthe user to retrieve and respond to, or obtain a code from, a textmessage sent to the smart card user's or registered phone number, anemail to the user's registered email address, or notification sent to asoftware application installed by the smart card user. In anotherexample, the telephone number, email address, and software applicationmay be associated with the account affiliated with the smart card 201,not the smart card user. As another example, the server 204 may permitthe user to choose one or more of the authentication methods supportedby the portable communication device 202. If the requestedauthentication is not provided, or if the server 204 finds that theinput authentication is incorrect, the server may decline to provide anyinformation to the portable communication device 202.

For example, the portable communication device 202 may be a smart phone,and information identifying the smart phone user or the smart phonedevice (e.g., via telephone number, SIM card, or other means) may beappended to the unique URL sent to the server 204. If the useridentification or the device identification provided by the portablecommunication device 202 match the smart card user or smart card accountinformation, the server 204 may transmit information responsive to theunique URL to the portable communication device 202. If not, the server204 may decline to transmit responsive information to the portablecommunication device 202 or may request additional authenticationinformation to be input into the portable communication device 202 priorto sending any information. In an embodiment where the identifyinginformation for the portable communication device 202 does not match therecords available to the server 204 and where incorrect authenticationinformation (or no authentication information) is provided, there may bean increased likelihood that the smart card 201 is in the possession ofan unauthorized individual, and the smart card 201 may have been lost orstolen. By declining to send information to the portable communicationdevice 202, the server 204 may have prevented the commission of a fraudor an identity theft.

In an embodiment, the fixed communication device 203 may support similarauthentication methods as the portable communication device 202. Inaddition, the fixed communication device 203 may allow for otherauthentication methods. For example, the fixed communication device 203may be placed at an information kiosk or checkout register at a store orother commercial location where store employees are supervising. In thiscase, the user may be required to show photo identification to anemployee. If proper identification is presented, the store employee mayenter a code, scan a badge, or otherwise indicate to the fixedcommunication device 203 that proper identification has been shown.

In an embodiment, the sensitivity of the information requested may alsodetermine whether the server requires additional authentication. Forexample, if the unique URL requests an account balance or credit score,the server may require additional authentication from the user prior totransmitting this information to the communication device. As anotherexample, if the unique URL requests information about a reward orloyalty program, the server may not require further authentication.

In an embodiment, the URL may be unique to this information request, andmay be based in part on the value of the counter and the customerinformation stored in the smart card's memory. The synchronization ofcounter values between the smart card 201, the communication devices202, 203, and the server 204 may facilitate the uniqueness of the URL.For example, the URL may include pseudo-random or quasi-random elements,which may be based on the counter value, the customer identification, orother value known between all devices, or a combination thereof. Asanother example, a unique URL may be formed by cryptographically hashingthe customer identification and the counter value, and the hash may beincluded as part of the unique URL. The server 204 may recreate the hashwith the expected value of the counter, and if there is a match, theserver 204 may determine that there has been a successfulauthentication, and the user may be permitted to access data. Inaddition, the information request may be the only time this particularURL is used, and subsequent requests may generate different URLs. Thismay be true even if the same information is requested multiple times.The use of a disposable URL may increase security for the informationrequest and may reduce the likelihood that an unauthorized usersuccessfully requests data access. In an embodiment, the smart card 201may generate a series of unique URLs to request or communicatesubsequent information to the communication devices 202, 203 and server204.

As another example, the server 204 may have access to a user's accountsetting and transaction history. If suspicious activity, potentialfraud, or an unusual frequency or magnitude of purchases was detected,the server 204 could seek additional authentication before providingfurther account information. In another embodiment, the smart card 201may determine if additional authentication is needed, and may generate aunique URL making that request.

In an embodiment, the functions of the server 204 may be performed by aplurality of servers connected by a network. These servers maycommunication through the Internet or other network, and are notrequired to be in any geographic proximity to the smart card 201 or thecommunication devices 202, 203. The server 204 may also communicate withservers outside of the system depicted in FIG. 2, such as servers belongto commercial or other entities in order or obtain, provide, or verifyinformation.

FIG. 3 is a flow chart diagramming a method of providing secure dataaccess using a smart card according to an example embodiment. The securedata access method 300 commences at step 305 when the smart card entersthe communication field of a portable or fixed communication device. Instep 310, upon entry into the communication field, the smart cardincrements the value of the counter stored in its memory, and in step315, the smart card synchronizes this value with the counter stored onthe communication device. Then, in step 320, the smart card may generatea unique URL, which may indicate the information requested, along withthe counter value and the customer identification. In an embodiment, thesmart card may append location information, device-specific information,or user-specific information in the URL, and potentially otherinformation relevant to the request.

Upon generation of the unique URL, the smart card may transmit the URL,via its contactless communication interface, to the communication devicein step 325, and the URL may be stored in the memory of thecommunication device. Upon receipt of the unique URL, the communicationdevice may synchronize the value of its counter with the counter storedby the server in step 330 and accordingly, the server will have thevalue of the counter used to create the unique URL. Further, thecommunication device may append additional information, such asinformation identifying itself or its location, to the unique URL priorto sending the URL to the server. Once this is complete, thecommunication device may transmit the unique URL to the server in step335.

Upon receipt of the unique URL, in step 340 the server determineswhether the information requested is sufficiently sensitive to requireadditional authentication. If the server determines that no furtherauthentication is required, the “NO” choice is made in step 345, and theserver transmits the requested information to the communication device(step 350) for display to the user (step 360).

Alternatively, if the server determines that additional information isneeded, the “YES” choice is made in step 345 and the communicationdevice prompts the user to provide additional authentication in step360. If the user fails to provide sufficient authentication, the “NO”choice is made at step 365 and the server declines to transmitinformation to the communication device (step 370). If sufficientauthentication is provided, the “YES” choice is made at step 365, theserver transmits the requested information to the communication device(step 375) for display to the user (step 380).

FIGS. 4A, 4B, and 4C illustrate authentication and account informationuser interfaces displayed on a software application according to exampleembodiments. The software application may be designed for use on bothportable and fixed communication devices and may be optimized for use oneach device. It is understood that the interfaces illustrated in FIGS.4A, 4B, and 4C are exemplary, and the information that may be displayedis not limited thereto.

As shown in FIG. 4A, the application may display an authenticationmethod selection interface 410. This interface may be shown if theserver determines that, upon opening of the unique URL by the softwareapplication, additional authentication is required to view the requestedinformation. Authentication method selection interface 410 may list theauthentication methods supported by the application, communicationdevice, and server, including the methods previously discussed, forwhich authenticating information is available. As shown in FIG. 4A,these methods include entering a password, receiving a security code,and scanning a fingerprint.

FIG. 4B illustrates several authentication user interfaces. Passwordauthentication interface 420 requires the user to enter a password priorto the display of any information by the application. Security codeauthentication interface 430 requires the entry of a security code,which may be sent via email to the user's registered email address orvia text message to the user's registered telephone number. Fingerprintauthentication interface 440 requires the user to place a finger over afingerprint scanner (not shown in FIG. 4B). Each of these interfacesallows the user to select another method authentication by pressing thebutton at the bottom of the interface. If pressed, the button may returnthe user to the authentication method selection interface 410. Theauthentication information submitted through these interfaces may betransmitted to the server for verification, and if the user issuccessfully authenticated, the user may view the account interface 450shown in FIG. 4C. If the user is not successfully authenticated, thesoftware application may prompt the user to resubmit the information orchoose another authentication method, may inform the user theinformation is not current accessible, or the application may close. Itis understood that the authentication interfaces 420, 430, 440 aremerely exemplary, and the information available for viewing in the webbrowser is not limited what is illustrated in FIG. 4B.

FIG. 4C illustrates the account interface 450, which is displayed if theuser is successfully authenticated. The account interface 450 maydisplay information relating to the account associated with the smartcard. As shown in FIG. 4C, a credit card account is displayed, andrelevant information for this account, including name, account number,and outstanding balance are shown. In addition, the user may choose toview further information regarding account activity, rewards, andaccount options by choosing from the buttons listed at the bottom ofaccount interface 450. Once the user is finished, the user may end thebrowsing session by logging out of the account using the logout button.

FIG. 5 illustrates authentication and account information userinterfaces displayed on a web browser according to example embodiments.It is understood that the interfaces illustrated in FIG. 5 areexemplary, and the information that may be displayed is not limitedthereto.

In an embodiment, the authentication interface 510 may be displayed if,in response to the web browser opening the unique URL, the serverdetermines that additional authentication is required to view therequested information. As shown in FIG. 5, the authentication interface510 may receive a user name or password as authentication.Alternatively, the authentication interface 510 may require only apassword. In addition, the authentication interface 510 may give theuser the option to select another method of authentication. Thesemethods may include any other authentication methods supported by theweb browser, the communication device, and the server, including themethods previously discussed, for which authenticating information isavailable.

Upon entry of this information, the web browser communicates with theserver to verify the submitted information. If the user is successfullyauthenticated, the account interface 520 may be displayed. The accountinterface 520 may display information relating to the account associatedwith the smart card. In the embodiment illustrated in FIG. 5, a creditcard account is displayed, and relevant information for this account,including name, account number, and outstanding balance are shown. Inaddition, the user may choose to view further information regardingaccount activity, rewards, and account options by choosing from thebuttons listed at the bottom of account interface 520. It is understoodthat the authentication interface 510 and the interface 520 are merelyexemplary, and the information available for viewing in the web browseris not limited what is illustrated in FIG. 5. Once the user is finished,the user may end the browsing session by logging out of the accountusing the logout button. If the user is not successfully authenticated,the web browser may prompt the user to resubmit the information orchoose another authentication method, may inform the user that theirinformation is not currently accessible, or the browser may close.

The interfaces of the foregoing embodiments may be formatted, forexample, as web pages in HyperText Markup Language (HTML), ExtensibleMarkup Language (XML) or in any other suitable form for presentation onthe communication device. The form and formatting may be dependent uponapplications used by users to interact with the device and the systemresources available to the device. The user may use any device forentering information into the communication devices that is availableand supported by the devices, including a touch screen, virtualkeyboard, cursor-control device, stylus, voice recognition.

The present disclosure is not to be limited in terms of the particularembodiments described in this application, which are intended asillustrations of various aspects. Many modifications and variations canbe made without departing from its spirit and scope, as may be apparent.Functionally equivalent methods and apparatuses within the scope of thedisclosure, in addition to those enumerated herein, may be apparent fromthe foregoing representative descriptions. Such modifications andvariations are intended to fall within the scope of the appendedrepresentative claims. The present disclosure is to be limited only bythe terms of the appended representative claims, along with the fullscope of equivalents to which such representative claims are entitled.It is also to be understood that the terminology used herein is for thepurpose of describing particular embodiments only, and is not intendedto be limiting.

1-20. (canceled)
 21. An information access system, comprising: a serverstoring a server counter; and a smart card comprising a microprocessor,a communication interface, and a memory storing an applet, a cardcounter, and a customer identifier, wherein the microprocessor isconfigured to: increment the card counter, transmit the incremented cardcounter via the communication interface for synchronization with theserver, generate a unique one-time uniform resource locator (URL) bycryptographically hashing the incremented value of the card counter andthe customer identifier, and transmit the unique one-time URL via thecommunication interface; and wherein, upon receipt of the incrementedcard counter, the server is configured to synchronize the incrementedcard counter and the server counter.
 22. The information access systemof claim 21, wherein the cryptographic hash is included in the URL. 23.The information access system of claim 21, wherein the communicationfield is generated by a communication device comprising a processor anda memory storing an application comprising instructions for execution bythe processor.
 24. The information access system of claim 23, wherein:the application receives the unique one-time URL from the smart card andtransmits the unique one-time URL to the server, the server recreatesthe cryptographic hash using the incremented counter value, and theserver compares the recreated cryptographic hash to the received uniqueone-time URL for authentication.
 25. The information access system ofclaim 24, wherein upon a successful comparison, the server transmitsfinancial information to the application.
 26. The system for the secureaccess of information of claim 25, wherein prior to sending financialinformation to the application, the server requests entry ofauthentication information on the application.
 27. The informationaccess system of claim 24, wherein the application appends deviceidentification information to the unique one-time URL prior totransmitting the unique one-time URL to the server.
 28. The informationaccess system of claim 24, wherein the application appends locationinformation to the unique one-time URL prior to transmitting the uniqueone-time URL to the server.
 29. The information access system of claim24, wherein the application appends user identification information tothe unique one-time URL prior to transmitting the unique one-time URL tothe server.
 30. The information access system of claim 21, wherein theunique one-time URL requests at least one selected from the group of anaccount balance, a credit score, and a product availability.
 31. Theinformation access system of claim 10, wherein, upon determining thatthe unique one-time URL requests an account balance or a credit score,the server requests additional authentication information.
 32. A methodfor information access using a smart card comprising a communicationinterface, a microprocessor, and a memory storing an applet, a cardcounter, and a unique customer identifier, the method comprising thesteps of: upon entering the communication field of a communicationdevice comprising a processor and a memory storing an applicationcomprising instructions for execution by the processor, incrementing thecard counter; transmitting the incremented card counter forsynchronization via the communication interface; generating a uniqueone-time uniform resource locator (URL) by cryptographically hashing theincremented value of the card counter and the customer identifier; andtransmitting the unique one-time URL via the communication interface.33. The method for information access of claim 32, wherein: theincremented card counter is transmitted to a server storing a servercounter, and the server is configured to synchronize the incrementedcard counter with the server counter.
 34. The method for informationaccess of claim 32, wherein: the incremented card counter is transmittedto a server storing a server counter, and the server is configured tosynchronize the incremented card counter with the server counter. 35.The method for information access of claim 32, further comprising:recreating, by the server, the cryptographic hash using an expectedserver counter value and the unique customer identifier; comparing, bythe server, the recreated cryptographic hash to the unique one-time URL;and transmitting, by the server, financial information to theapplication if the recreated cryptographic hash matches the uniqueone-time URL.
 36. The method for information access of claim 32, furthercomprising appending, by the application, location information to theURL.
 37. The method of accessing of information of claim 16, furthercomprising receiving location-specific data from the server in responseto the appended location information.
 38. The method of accessing ofinformation of claim 32, further compromising appending informationidentifying the communication device to the unique one-time URL beforetransmitting the unique one-time URL to the server.
 39. The method ofaccessing of information of claim 38, wherein upon review of theinformation identifying the communication device appended to the uniqueone-time URL by the server, requesting additional authenticationinformation prior to transmitting financial information from the serverto the communication device.
 40. A non-transitory computer-accessiblemedium having stored thereon computer-executable instructions forproviding information access, wherein, when a computer arrangementcomprising a communication interface, a microprocessor, and a memorystoring an applet, a card counter, and a unique customer identifier,executes the instructions, the computer arrangement is configured toperform procedures comprising: incrementing the card counter;transmitting the incremented card counter for synchronization via thecommunication interface; generating a unique one-time uniform resourcelocator (URL) by cryptographically hashing the incremented value of thecard counter and the customer identifier; and transmitting the uniqueone-time URL via the communication interface.